U.S. Court Extends Fifth Amendment to Encrypted Data

 Pages PREV 1 2 3 4 5 6 NEXT
 

Yay, it's always good to see individual rights finally catch up with technology. A lot like last month when they said planting a GPS on someone's stuff violates the 4th.

Vivi22:

Thyunda:
And once again - I can't comprehend how you can defend actively refusing to aid an investigation.

He's not defending it, he's pointing out it isn't illegal to not cooperate so long as police aren't knocking on the door with a warrant for evidence they believe you possess. I'm surprised such a distinction seems to be slipping past "one of them educated types."

People need to respect the police. 'Never trust a copper' is 70s talk. I like to think we've come past that. If the officer asks 'what's in the box', you open the box. The law enforcement has a job to do. An important job.

What world are you living in these days? Yeah, police have an important job to do. But mistakes do happen, abuses of power are surprisingly common, particularly in America, and not only do you have the right to consult with a lawyer before helping the police, it's a good idea to because anything has the potential to be taken out of context and misconstrued to land yourself or other innocent people in prison. It does happen, and you'd have to have your head in the sand not to realize that.

Tipsy Giant:
Well it's relevant as the "Founding Fathers" could not have known that an entire libraries worth of text with moving images proving fault could be stored and encrypted, can't believe i'm arguing whether a bunch of dudes from 1776 predicted hard drive encryption....!

The scale doesn't matter though because the principal is the same regardless of how much content is involved. If someone wanted to they could encode every physical document they ever produced, so again, how is the distinction your trying to make supposed to be relevant just because the potential scale has changed?

Now let's not bring in the faults of the legal system here - that's an argument for a larger battlefield. I, personally, despise the fact that you need a lawyer to speak to the law. Or that you can be jailed on a misinterpretation.

But then, I'm not just talking from a legal standpoint. My studies were in social humanities, not in legal. I'm seeing it from a moral and practical standpoint. We've managed to breed a culture of every man for himself, and it's just not right. It's wrong to withhold evidence from the law, no matter who the evidence is against and who is doing the hiding. If he needs to have a lawyer look over the files first, to make sure there's nothing incriminating, I can't see a problem with that. He should be permitted to decrypt the files in privacy at least. But those files need to be decrypted. And that's the end of it.

Tipsy Giant:
They are irrelevant nowadays, the world is so different today than it was then, they need to write a new constitution, that's right I said it.

Fair enough then. If you want to completely rewrite the foundation of American government, then we will simply have to agree to disagree.

cobra_ky:

Tipsy Giant:
They are irrelevant nowadays, the world is so different today than it was then, they need to write a new constitution, that's right I said it.

Fair enough then. If you want to completely rewrite the foundation of American government, then we will simply have to agree to disagree.

You wouldn't agree that stating Lobbying to be illegal would help to make bribery clearer? Oh and stopping Corporations from being classified as humans?

reonhato:
ok then it should be no more protected as a guy who decides to bury his documents instead of shredding them. it is hiding evidence so it cannot be used.

Again, not equivalent. The police have full access to the data, they simply lack the means to read it.

Let's put it another way, if I possess documents which the police confiscate that are written in German, I'm not obligated to translate them for them. If they want to read them, they have to have them translated. Just as if they want to read encrypted data, they have to try and crack it.

decrypting something is not being a witness against yourself. sure the contents might not be great, but you are not testifying to the contents, just the fact that you knew how to decrypt it, just as the person handing over documents is not admitting to anything to do with the contents, just that they knew the location of said documents.

It absolutely is bearing witness as it proves you had access to the data. It may not prove you had sole access, but prosecutors can easily make the argument that someone who took the trouble to encrypt a hard drive is not giving out the password to others, especially if it contained evidence which may indicate criminal activity. By helping them decrypt it you make their case stronger than if they have to access it on their own. How you can argue that isn't equivalent to testimony that incriminates you is beyond me, especially when explaining how to decrypt something essentially is giving testimony.

Thyunda:
But those files need to be decrypted. And that's the end of it.

But that's just it, it's the governments job to make the case against a defendant. They don't have to help them do it, and even the act of showing them how to decrypt files can be used against a defendant, whether rightly so or not.

Yes, in an ideal world, I'd like to see criminals go to jail because prosecutors have all of the evidence against them and can build a solid case. But such protections aren't there to protect criminals from prosecution, but potentially innocent suspects from helping the government convict them. Whether you like it or not, a choice has to be made between giving government broad power to investigate and protecting innocent people from abuse of government power and wrongful conviction. Personally, I value the latter more than convicting a few more criminals, or perhaps more accurately, convicting them sooner since most repeat offenders slip up eventually, and particularly when prosecution and punishment play a fairly minor role in actually preventing crime.

Tipsy Giant:

cobra_ky:

Tipsy Giant:
They are irrelevant nowadays, the world is so different today than it was then, they need to write a new constitution, that's right I said it.

Fair enough then. If you want to completely rewrite the foundation of American government, then we will simply have to agree to disagree.

You wouldn't agree that stating Lobbying to be illegal would help to make bribery clearer? Oh and stopping Corporations from being classified as humans?

i think i would agree with both of those things. Neither requires rewriting the Constitution from scratch.

Thyunda:
Oh. Wait. Did you want some hastily Googled video from some guy? No, see, I'm one of them educated types.

And so is the guy in the video i linked. Just because he decided to put his knowledge up on YouTube doesn't mean that it's invalid.

For someone who just stated himself as "educated", you don't seem to take well to education. I'll repeat again: Watch the video, it will make you smarter. If you insist on not doing so... well, like i said, you cannot force people to not be stupid, so suit yourself :o)

Thyunda:
And once again - I can't comprehend how you can defend actively refusing to aid an investigation.

Because aiding an investigation might get yourself in trouble. Which you would once again understand if you watched the video.

Thyunda:
Your neighbour doesn't hand the tapes over? Because of him, the criminals are not identified. Because of him they can strike again.

You can't prove that the tapes would allow the police the identify the perpetrators.
You can't prove that the criminals would strike again.
You can't prove that it's the neighbors fault that the criminals can strike again. Beyond the two first points i just made, who is to say he is the only one to have caught the criminals? Maybe someone else also saw the criminals, but decided not to speak up about it. Maybe someone even KNOWS the criminals, but decides also to keep quiet.

Case in point: You can't conclusively define the event horizon for the criminals getting caught or walking free :o)

Thyunda:
See, with your attitude, we can't remove the stupid. But with a more...forward-thinking approach, then yes, we CAN.

The only way to remove stupid is to remove free will.

Thyunda:
People need to respect the police. 'Never trust a copper' is 70s talk. I like to think we've come past that. If the officer asks 'what's in the box', you open the box. The law enforcement has a job to do. An important job.

I'll repeat again: Watch the damned video. If you don't have the time now to watch the ~27 important minutes, then that's okay. Return to me tomorrow instead when you have watched it.

The police needs to give people a reason to respect them. I respect the cops in Denmark because they don't try to entrap you at every chance you get, and because they aren't allowed to legally lie to you, and don't necessarily try to hook you up on every little nook and cranny of a law that you break (unless you do something to piss them off).

In the United States, it doesn't work like that. I don't mean to say that there aren't nice cops in the US, and I'm sure that most US cops take pride in helping out the citizens, but the point is that US law gives the population absolutely NO reason to trust the police. Talking to the police in the US is ALWAYS a risk, because everything you say can be used against you (but not for you). Again, the video will make you smarter, so watch it. I cannot reiterate this enough.

I agree that law enforcement has a very important job to do, but even so, respect is something that needs to be earned, no matter who you are. And in the US, talking to the cops always carry a higher risk than in other countries. Why do you think defense attorneys always say to their clients that they should NEVER talk to the police? Because it's not worth it. Best case scenario is that nothing happens. Worst case scenario is that you get yourself into trouble. That's why.

Respect is always a two-way street. No-one gets a free-ride, not even the police (and certainly not politicians).

Thyunda:
And the Middle East is an excellent example of why religion and state should remain totally separate. That doesn't apply here. We're talking about the fair, democratic, safe-for-all, equality-driven West.

And see, this is where you're wrong again.

If the west is so fair, democratic, safe-for-all and equility-driven, why does the United States only score 7.1 on Transparency Internationals 0-10 scale about corruption? :o)

No country is perfect. Period. There will always be people who abuse power, laws who aren't fair/just/thought through properly, lobbyists who sway politicians. Yes we are miles ahead of the middle-eastern countries where Religion dominates. However, we still have a long way to go.

cobra_ky:

Tipsy Giant:

cobra_ky:

Fair enough then. If you want to completely rewrite the foundation of American government, then we will simply have to agree to disagree.

You wouldn't agree that stating Lobbying to be illegal would help to make bribery clearer? Oh and stopping Corporations from being classified as humans?

i think i would agree with both of those things. Neither requires rewriting the Constitution from scratch.

But there is no reason not to rewrite it from scratch and take away the stigma of "Founding Fathers" writing it. Making it more plausible to change it at any time to constantly align with modern culture

As much as I do love the right to privacy. I think this is a good thing.

>> Has child porn on computer
>> FBI want to look
>> Say no
>> The end.

That can now be totally avoided.

Athinira:

Thyunda:
And the Middle East is an excellent example of why religion and state should remain totally separate. That doesn't apply here. We're talking about the fair, democratic, safe-for-all, equality-driven West.

And see, this is where you're wrong again.

If the west is so fair, democratic, safe-for-all and equility-driven, why does the United States only score 7.1 on Transparency Internationals 0-10 scale about corruption? :o)

No country is perfect. Period. There will always be people who abuse power, laws who aren't fair/just/thought through properly, lobbyists who sway politicians. Yes we are miles ahead of the middle-eastern countries where Religion dominates. However, we still have a long way to go.

I think your sarcasm detectors might be faulty.

Tipsy Giant:

cobra_ky:

Tipsy Giant:

You wouldn't agree that stating Lobbying to be illegal would help to make bribery clearer? Oh and stopping Corporations from being classified as humans?

i think i would agree with both of those things. Neither requires rewriting the Constitution from scratch.

But there is no reason not to rewrite it from scratch and take away the stigma of "Founding Fathers" writing it. Making it more plausible to change it at any time to constantly align with modern culture

It's not like the mechanisms to change it don't exist already. People simply need to be motivated to use them, which you would need to do in order to draft a new constitution anyway.

Robert Ewing:
As much as I do love the right to privacy. I think this is a good thing.

>> Has child porn on computer
>> FBI want to look
>> Say no
>> The end.

That can now be totally avoided.

I don't think you actually read the article. It's about encryption being protected under the law, you seem to assume the opposite.

Thyunda:
I think your sarcasm detectors might be faulty.

Possibly, it's a long discussion, and I'm headed to work in 15 minutes :-)

Athinira:

Thyunda:
I think your sarcasm detectors might be faulty.

Possibly, it's a long discussion, and I'm headed to work in 15 minutes :-)

In case the sarcasm and the ac.uk college didn't give it away, I'm in fact British, and we make a whole culture of being ashamed of the American government. So don't think I'm trying to justify the convoluted minefield of the legal system over there. Or over here, for that matter.

and this is news?
where i live (czech republic/germany) it's been like that since forever. they can't make you assist in the investigation against yourself, that would be moronic.

Well, this is a bit problematic. On one hand, I can very well see why this is a good thing. And on the other hand, I can see why this is a bad thing. So I'm going to reserve judgement and see how this plays out.

Great for the little guy, but will set a precedent that will be abused by any major corporation.

BiH-Kira:
Couldn't you just say you don't know how or don't know the password?
They can't prove you know or don't know it.
If they ask you hod you accessed it, you say you had it written on a piece of paper and lost it.

Just asking. :D

Unfortunately not. Under The Regulation of Investigatory Powers Act 2000, Part III.
It is an offence to refuse to decrypt information when requested to do so by law enforcement.
Failure to provide decrypted information or the keys to read the information can carry a penalty of up to 2 years in prison.

The thing about pleading ignorance is, how do you prove you don't know something in a court of law?
What evidence could one offer up that proves they don't know something other than their word?

It massively sucks as it is very possible for people to go to jail for not knowing how to access an encrypted file on their own system.

Its kinda funny how everyone here thinks data encryption means its untouchable. Nothing could be farther from the truth.

1) Decrypting data takes time and I think the FBI wanted to shortcut the process. Since the feds already had warrants for the material, if the man had decrypted the data and then the appeals court overturned the ruling, the data might still be admissible in court since it was obtained under a warrant.

2) If it were a high profile case, don't you think the people at TrueCrypt would help and probably have methods for bypassing their own security. Enough with the doomsday scenarios.

3) This is about the right to no self-incriminate. You are legally entitled to do nothing to help the police build a case.

btw: If you encrypt data after its been requested, that's obstruction. So this ruling only applies to someone who routinely encrypts their data.

FrostyChick:

BiH-Kira:
Couldn't you just say you don't know how or don't know the password?
They can't prove you know or don't know it.
If they ask you hod you accessed it, you say you had it written on a piece of paper and lost it.

Just asking. :D

Unfortunately not. Under The Regulation of Investigatory Powers Act 2000, Part III.
It is an offence to refuse to decrypt information when requested to do so by law enforcement.
Failure to provide decrypted information or the keys to read the information can carry a penalty of up to 2 years in prison.

The thing about pleading ignorance is, how do you prove you don't know something in a court of law?
What evidence could one offer up that proves they don't know something other than their word?

It massively sucks as it is very possible for people to go to jail for not knowing how to access an encrypted file on their own system.

But that means that you're guilty until you prove your self innocent. That's totally against democracy. They should prove me guilty, not the other way around.

IMHO, makes no sense and should be changed ASAP. I know that that could make some cases harder even tho the defendant is obviously guilty, but the current situation can be abused to easily.

Just an example. Someone could create some encrypted data on your PC (via hacking or by just having direct access to your PC) and give the police an anonymous tip. You really don't know anything, jet you can't prove it. You're guilty by default. In the current world, where computer access is a "must", that's damn wrong. It doesn't need to be anything illegal. Just an encrypted empty .txt document and you go 2 years.

The part that Im confused is that people actually believe that people will decrypt stuff that will land them several years in prison simply cause you can receive up to two years prison time for refusing to do so.

I'm pretty sure that anyone that has half a brain will choose 2 years over (example) 5 years in prison..

BiH-Kira:

But that means that you're guilty until you prove your self innocent. That's totally against democracy. They should prove me guilty, not the other way around.

IMHO, makes no sense and should be changed ASAP. I know that that could make some cases harder even tho the defendant is obviously guilty, but the current situation can be abused to easily.

It can be massively abused, a point that my IT legislation lecturer loves to bring up.
And I know, it is pretty horrible but the law has been around now for 12 years. There is always hope that it might be changed at some point in the future. But when you wait 12 years to start a political shitstorm, your message kinda gets blunted by the inevitable, "Why wait till now, over a decade later, to say anything about it?".

Evil Alpaca:
Its kinda funny how everyone here thinks data encryption means its untouchable. Nothing could be farther from the truth.

1) Decrypting data takes time and I think the FBI wanted to shortcut the process. Since the feds already had warrants for the material, if the man had decrypted the data and then the appeals court overturned the ruling, the data might still be admissible in court since it was obtained under a warrant.

2) If it were a high profile case, don't you think the people at TrueCrypt would help and probably have methods for bypassing their own security. Enough with the doomsday scenarios.

It's funny how people like you come here and talk about stuff you literally know NOTHING about.

Modern encryption algorithms, the ones employed by TrueCrypt, are so strong that if you employ a strong password (and potentially keyfiles) they can't be cracked within the lifetime of the universe, even if you gathered the earths collective computer power and multiplied it by a trillion. Even quantum computers cannot help bruteforce modern algorithms (their application is in factoring prime-numbers, which can crack public key crypto like RSA, but not symmetrical key crypto like AES, Twofish and Serpent).

Neither the FBI, nor any other organization (NSA, CIA, Russians, Chinese) have the capabilities to crack modern symmetrical key crypto with a proper password/key. And no, the TrueCrypt developers cannot help them either. The system is designed with no backdoors. TrueCrypt is Open-Source, uses well-known encryption algorithms (including AES which the US Government themself use to protect data), and TrueCrypt containers have already been attempted cryptoanalyzed before. They just look like random data.

Edit: Decided to fetch you an article, that might be able to put things into perspective.

Damn. And to think that this topic has been seething under the public's eye since the early 90s when the FBI wanted to restrict or ban encryption systems from public use because it would interfere with police procedure.

"Due process" interferes with their line of work, and ignoring the usual Tin-Foil-Hat/Trust issues for a moment, I can sympathize with that kind of frustration when information forensics is timely.

However, I'm absolutely certain the Internet needed open distribution of such security to private entities just to function). My main job was/is network security, and there is simply no right or reason to keep prodding around for loopholes that undermine the public's trust.

"Safety without trust is neither."

Therumancer:
The point you, and others, miss here is that in this case there has already been a safeguard imposed. That is to say that the evidence has been seized legally, a judge has already looked this over, and approved the seizure of that computer and data as relevent within the scope of the search. This is about access, not self incrimination, because the evidence has already been approved and entered, which is why it's a contempt issue. This isn't about testimony but a totally differant section of the legal system.

The problem is that he gave them access to the computer and the data. It's not his problem that they don't know how to use/read the data.

It's like giving them your gun. It's their damn problem that they don't know how to run the ballistics and see if the gun was used recently. If the bullet matches the bullet found. You don't help the police to see if you're DNA is on the victim. You give them access to the DNA. You don't help them find any blood in your house. You give them access to the house.

You give them the data. They don't know how to use it.
And the court CAN'T force you to decrypt it because that would be assuming that you know how to encrypt it. If you just deny that the data is yours, they can't do shit. If they assume you know it, then you are guilty until proven innocent.

Forcing you to give a password is like forcing you to give a document that may or may not exist. But if you don't give it, you go to jail. It's not important that the document doesn't exist, they don't believe you.

Matthew94:
I hope they do this in the UK too, as far as I know they can force you to unencrypt your data.

Does the UK even have protection against self-incrimination?

OT: Seems legit. I'm all for any time when personal rights are upheld or extended.

Tipsy Giant:

cobra_ky:

Tipsy Giant:

but only text based information, whereas a hard drive can store more than text

a hard drive can only store binary data, which can be interpreted as text, images, or what have you. In any case, means of encrypting or hiding data, whether visual or textual, has existed for millenia and the Founding Fathers were certainly aware of the methods available to them, as they used them extensively throughout the Revolution.

They are irrelevant nowadays, the world is so different today than it was then, they need to write a new constitution, that's right I said it.

Firstly, the bill of rights is different from the constitution. Secondly, the bill of rights has not, nor will it ever be, made irrelevant by the passage of time. It defines what rights the government isn't allowed to infringe upon. What technology is available at the time is irrelevant to those rights. The court system was created partially to make sure that new technology didn't create loopholes, which is exactly what's being done now.

Furthermore, the entire constitution was designed to be flexible and adapt to changing times, which it has done remarkably well.

Now with that said, I do think the constitution could use a major revamp. It has been bent to near breaking between executive orders, some of the amendments, and certain bills and laws that are obviously unconstitutional but have never made it to the supreme court to be shot down. It's time we rewrote the document before we are driven to it by fear or oppression, in a time when we can look back at how it has been abused and decide how to correct it without powerful emotion or a too short time-table crippling our ability to do it right.

Just read up on TrueCrypt on Wikipedia. Fascinating that the FBI cannot crack this stuff however long they pound on it. Bonus: It is apparently Freeware. Hilarity ensues.

Well that shatters whatever illussions I had about the big bad government being able to pry open any device/software they set their minds to.

albino boo:

Andy Chalk:

albino boo:
But hey data privacy is way more important than protecting the democratic process.

You could make the same argument for warrantless phone taps, searches without any sort of probable cause and pretty much anything else. How far are you willing to go in the name of security? What are you willing to sacrifice?

If you are ordered by a court to produce a printed document you shred it not only are you guilty of contempt the shred document can be put together and used in evidence against you. Why should the process of encryption be treated any different from shredding? It is also clear that he was ordered to by a court after due process. The FBI didn't walk and demand he decrypt without a warrant is the same way that they bugged Rod Blagojevich phone. Why should it be treated any different, in both cases due process occurred. In encryption case he actually knew that and order was beginning potentiality made against him and had an opportunity defend himself in court which is more than Rod Blagojevich had. Why should data held on disk have greater legal protection than the same information held on paper or the same information exchanged by spoken word?

The pieces of the shredded paper are still in the world, they are not contained in your head. The encryption code IS in your head. They are making you give up a piece of information that may or may not lead to incriminating evidence. A key to a safe isn't a piece of information, it is a physical object that the police have every right to take with a warrant. You equaly cannot tell if it is a drug dealer hiding behind the Bill of Rights, or an innocent man just trying to use the rights he has been given. Innocent before proven guilty, remember that.

Athinira:

Evil Alpaca:

snip

It's funny how people like you come here and talk about stuff you literally know NOTHING about.

Modern encryption algorithms, the ones employed by TrueCrypt, are so strong that if you employ a strong password (and potentially keyfiles) they can't be cracked within the lifetime of the universe, even if you gathered the earths collective computer power and multiplied it by a trillion. Even quantum computers cannot help bruteforce modern algorithms (their application is in factoring prime-numbers, which can crack public key crypto like RSA, but not symmetrical key crypto like AES, Twofish and Serpent).

Neither the FBI, nor any other organization (NSA, CIA, Russians, Chinese) have the capabilities to crack modern symmetrical key crypto with a proper password/key. And no, the TrueCrypt developers cannot help them either. The system is designed with no backdoors. TrueCrypt is Open-Source, uses well-known encryption algorithms (including AES which the US Government themself use to protect data), and TrueCrypt containers have already been attempted cryptoanalyzed before. They just look like random data.

Edit: Decided to fetch you an article, that might be able to put things into perspective.

Thanks for the article, interesting read.

Decryption may not be the right word I'm looking for. What would you call figuring out a person's password based on what you know of the individual. I agree that a bruteforce solution to cracking the software is unlikely.

I wasn't trying to say the FBI would crack the software, but that they could find the necessary password key files. Given human tendency for password redundancy and the fact that the feds have the man's hardware, I was thinking in terms of cracking this particular man's software would involve searching through the man's life for figuring out what password and key files he would have picked. That too takes time which could easily be saved if the man gave up his password information.

Evil Alpaca:
Thanks for the article, interesting read.

Decryption may not be the right word I'm looking for. What would you call figuring out a person's password based on what you know of the individual. I agree that a bruteforce solution to cracking the software is unlikely.

I wasn't trying to say the FBI would crack the software, but that they could find the necessary password key files. Given human tendency for password redundancy and the fact that the feds have the man's hardware, I was thinking in terms of cracking this particular man's software would involve searching through the man's life for figuring out what password and key files he would have picked. That too takes time which could easily be saved if the man gave up his password information.

People who actively employ encryption typically don't use cheap passwords. TrueCrypt itself actually warns you if you try to create a container with a password with a length shorter than 20 characters (20 characters is enough to make the password uncrackable within the lifetime of the universe). Now assuming that someone doesn't pick something stupid (like combining the name of their cat with their phone number). Most modern encryption programs actively

Looking through their life for details that could be part of their password seldomly gives results, and if you go above a 20 character password (and doesn't use something stupid) it's still going to be practically impossible to break. Best thing you can hope for with a modest amount of processing-power is a dictionary attack with some random permutations, but the chance of even breaking a moderate (9-12 character) password is very slim.

A few years back when Amazons cloud was in the early stages, a firm was hired by a guy to crack a file he had forgotten the password to. The password was 7-8 chars long, and either took some hours or days to crack if i recall correctly. The thing is though, you only need to jump up 2 characters before the password becomes OVER NINE-THOUSAND times harder to crack (9.216 times to be exact, but i couldn't resist :D ). Cracking a password at 8-9 chars would be possible, but unfeasable. 10 chars+ using a cloud service is really pushing it unless you pull some serious money into the project, and 11-12 chars you might as well forget it (you need supercomputers to do that, and even there we're talking months, if not years).

So while i get your theory, it's unfeasable in most cases. But of course you should try. You might get lucky and have a noob on your hand.

Evil Alpaca:

Athinira:

Evil Alpaca:

snip

It's funny how people like you come here and talk about stuff you literally know NOTHING about.

Modern encryption algorithms, the ones employed by TrueCrypt, are so strong that if you employ a strong password (and potentially keyfiles) they can't be cracked within the lifetime of the universe, even if you gathered the earths collective computer power and multiplied it by a trillion. Even quantum computers cannot help bruteforce modern algorithms (their application is in factoring prime-numbers, which can crack public key crypto like RSA, but not symmetrical key crypto like AES, Twofish and Serpent).

Neither the FBI, nor any other organization (NSA, CIA, Russians, Chinese) have the capabilities to crack modern symmetrical key crypto with a proper password/key. And no, the TrueCrypt developers cannot help them either. The system is designed with no backdoors. TrueCrypt is Open-Source, uses well-known encryption algorithms (including AES which the US Government themself use to protect data), and TrueCrypt containers have already been attempted cryptoanalyzed before. They just look like random data.

Edit: Decided to fetch you an article, that might be able to put things into perspective.

Thanks for the article, interesting read.

Decryption may not be the right word I'm looking for. What would you call figuring out a person's password based on what you know of the individual. I agree that a bruteforce solution to cracking the software is unlikely.

I wasn't trying to say the FBI would crack the software, but that they could find the necessary password key files. Given human tendency for password redundancy and the fact that the feds have the man's hardware, I was thinking in terms of cracking this particular man's software would involve searching through the man's life for figuring out what password and key files he would have picked. That too takes time which could easily be saved if the man gave up his password information.

That is called social engineering or something similar.

And honestly why bother encrypting something if you write the password on a usb stick/notepad? seems a bit stupid tbh :P

Tubez:
That is called social engineering or something similar.

No. Social Engineering is more like scamming. Like sending an e-mail pretending to be someone else. "hi Danny. I need the password to your computer so i can use it for a while. Love, Mom!"

Tubez:
And honestly why bother encrypting something if you write the password on a usb stick/notepad? seems a bit stupid tbh :P

Because it's better to use a really complicated password and write it down than using a weak password that is easy to remember (and you use elsewhere).

Once you've learned the complicated password in your sleep, you can destroy whatever you wrote it down on.

Athinira:

Tubez:
That is called social engineering or something similar.

No. Social Engineering is more like scamming. Like sending an e-mail pretending to be someone else. "hi Danny. I need the password to your computer so i can use it for a while. Love, Mom!"

Tubez:
And honestly why bother encrypting something if you write the password on a usb stick/notepad? seems a bit stupid tbh :P

Because it's better to use a really complicated password and write it down than using a weak password that is easy to remember (and you use elsewhere).

Once you've learned the complicated password in your sleep, you can destroy whatever you wrote it down on.

Of course its better to use a complicated password. I just do not see the need to have it written down somewhere for longer then a day at most.

The reason I thought that social engineering was a fitting word since he suggested that they would gather information on the person and then try to crack the password. But I guess you are correct.

Tubez:
Of course its better to use a complicated password. I just do not see the need to have it written down somewhere for longer then a day at most.

Some people really have terrible memories, and will take quite a while to safely learn a long password. Remember, if you encrypt your data and forget your password, it's a really shitty situation for you :-)

 Pages PREV 1 2 3 4 5 6 NEXT

Reply to Thread

Your account does not have posting rights. If you feel this is in error, please contact an administrator. (ID# 64770)